WinPFind35 logfile created on: 2/21/2008 1:24:08 PM WinPFind35U Version 1.0.0.0 Folder = C:\Documents and Settings\Owner.Joshua_Hapner\Desktop\WinPFind35u Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1014.11 Mb Total Physical Memory | 573.27 Mb Available Physical Memory | 56.53% Memory free 2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.33% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51.73 Gb Total Space | 30.03 Gb Free Space | 58.05% Space Free | Partition Type: NTFS Drive D: | 6.83 Gb Total Space | 3.49 Gb Free Space | 51.08% Space Free | Partition Type: FAT32 Drive E: | 53.22 Gb Total Space | 21.40 Gb Free Space | 40.22% Space Free | Partition Type: NTFS Drive F: | 679.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 120.80 Mb Total Space | 27.93 Mb Free Space | 23.12% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JOSHUA_HAPNER Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 3:39:20 AM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 3:31:22 AM | Attr = ] vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/8/2007 11:01:58 PM | Attr = ] avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/26/2007 8:05:17 PM | Attr = ] avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/6/2007 4:05:01 PM | Attr = ] avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 10/12/2005 3:30:24 PM | Attr = ] prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 1/6/2007 4:55:59 PM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 3:24:22 AM | Attr = ] syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 11/5/2004 10:47:00 AM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 11/5/2004 10:47:00 AM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 139264 bytes | Modified Date = 10/12/2005 3:30:42 PM | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4889.0 nd375 cp1 | Size = 413696 bytes | Modified Date = 12/27/2005 1:20:14 PM | Attr = ] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/23/2006 3:17:04 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 3:13:40 PM | Attr = ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 3:17:50 PM | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.0.5 | Size = 802816 bytes | Modified Date = 8/2/2006 3:38:30 AM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 163840 bytes | Modified Date = 3/23/2006 3:13:30 PM | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.0.1 | Size = 696320 bytes | Modified Date = 8/2/2006 3:32:44 AM | Attr = ] avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/8/2007 11:02:00 PM | Attr = ] dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.0.3 | Size = 479232 bytes | Modified Date = 8/2/2006 3:27:54 AM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/20/2008 11:36:44 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/26/2007 8:05:17 PM | Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/6/2007 4:05:01 PM | Attr = ] (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.0.20 | Size = 434176 bytes | Modified Date = 8/2/2006 3:39:20 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> File not found (IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 86140 bytes | Modified Date = 10/12/2005 3:30:24 PM | Attr = ] (McDetect.exe) McAfee WSC Integration [Win32_Own | Auto | Stopped] -> %ProgramFiles%\mcafee.com\agent\mcdetect.exe -> File not found (McShield) McAfee.com McShield [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\vso\mcshield.exe -> File not found (McTskshd.exe) McAfee Task Scheduler [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\mcafee.com\agent\mctskshd.exe -> File not found (mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> File not found (PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 1/6/2007 4:55:59 PM | Attr = ] (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.0.4 | Size = 327680 bytes | Modified Date = 8/2/2006 3:24:22 AM | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.0.34 | Size = 937984 bytes | Modified Date = 8/2/2006 3:31:22 AM | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 75568 bytes | Modified Date = 3/8/2007 11:01:58 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (AegisP) AEGIS Protocol (IEEE 802.1x) v3.5.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.5.3.0 | Size = 21419 bytes | Modified Date = 1/6/2007 5:04:10 PM | Attr = ] (AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 6:07:44 PM | Attr = ] (asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 1/6/2007 4:54:05 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 10/26/2007 8:05:15 PM | Attr = ] (Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/6/2007 4:05:04 PM | Attr = ] (Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/24/2007 12:56:53 PM | Attr = ] (AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] (AvgTdi) AVG Network Redirector [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/6/2007 4:05:04 PM | Attr = ] (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdr4_xp.sys -> Roxio [Ver = 7.1.0.188 | Size = 44288 bytes | Modified Date = 11/10/2004 8:27:34 PM | Attr = ] (Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdralw2k.sys -> Roxio [Ver = 7.1.0.188 | Size = 24832 bytes | Modified Date = 11/10/2004 8:30:18 PM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 8:07:18 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4543 | Size = 1166972 bytes | Modified Date = 3/23/2006 3:47:06 PM | Attr = ] (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 5.5.0.1035 | Size = 874240 bytes | Modified Date = 10/12/2005 3:07:12 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (NETw3x32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 68 | Size = 1709696 bytes | Modified Date = 9/27/2006 5:36:24 AM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (pipnrkxy) pipnrkxy [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\jsrfzmze.dat -> [Ver = | Size = 19584 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.26a | Size = 20576 bytes | Modified Date = 5/13/2005 3:54:10 AM | Attr = ] (ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 10.5.0.1 | Size = 12544 bytes | Modified Date = 8/2/2006 4:27:48 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 6:07:44 PM | Attr = ] (smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smserial.sys -> Motorola Inc. [Ver = SM56 Rel. 6.11 Build 11 Preview 03 | Size = 893952 bytes | Modified Date = 5/23/2006 10:30:06 PM | Attr = ] (Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 162, 0 | Size = 50416 bytes | Modified Date = 1/18/2007 4:39:20 AM | Attr = ] (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5082.0 nd479 cp1 | Size = 1179784 bytes | Modified Date = 6/15/2006 6:28:04 PM | Attr = ] (symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 185824 bytes | Modified Date = 11/5/2004 10:47:00 AM | Attr = ] (tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.2 | Size = 162432 bytes | Modified Date = 9/21/2005 3:30:56 AM | Attr = ] (ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] (vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 394192 bytes | Modified Date = 3/8/2007 11:02:10 PM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 8.50.1.3 built by: WinDDK | Size = 244480 bytes | Modified Date = 1/22/2006 7:50:00 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.5.0.1035 | Size = 139264 bytes | Modified Date = 10/12/2005 3:30:42 PM | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 3:13:40 PM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 3:17:50 PM | Attr = ] igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/23/2006 3:17:04 PM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.0.1 | Size = 696320 bytes | Modified Date = 8/2/2006 3:32:44 AM | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.0.5 | Size = 802816 bytes | Modified Date = 8/2/2006 3:38:30 AM | Attr = ] SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4889.0 nd375 cp1 | Size = 413696 bytes | Modified Date = 12/27/2005 1:20:14 PM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 688218 bytes | Modified Date = 11/5/2004 10:47:00 AM | Attr = ] SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.3 08Oct04 | Size = 98394 bytes | Modified Date = 11/5/2004 10:47:00 AM | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.337.000 | Size = 919280 bytes | Modified Date = 3/8/2007 11:02:00 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG Free\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 10/26/2007 8:05:18 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG Free\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 10/26/2007 8:05:18 PM | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG Free\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 10/26/2007 8:05:18 PM | Attr = ] < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_Run -> %ProgramFiles%\Grisoft\AVG Free\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 10/26/2007 8:05:18 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Owner.Joshua_Hapner Startup Folder > -> C:\Documents and Settings\Owner.Joshua_Hapner\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006] > -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> dkvqecnj -> %SystemRoot%\system32\certclij.dll -> [Ver = | Size = 84992 bytes | Modified Date = 12/26/2007 2:25:52 PM | Attr = ] igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/23/2006 3:12:42 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006] > -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.runescape.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6958 -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6958 -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6958 -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6958 -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\] > -> -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: Main\\Start Page -> http://www.runescape.com/ -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\] > -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\] > -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 4:56:50 AM | Attr = ] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 4:10:58 PM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] {BE193181-FEEC-4AA0-B01D-D9BD9FDEE138} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\certclij.dll [] -> [Ver = | Size = 84992 bytes | Modified Date = 12/26/2007 2:25:52 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\] > -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Modified Date = 1/13/2007 5:54:11 PM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 98 | Size = 1062184 bytes | Modified Date = 7/2/2007 4:10:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\] > -> HKEY_USERS\S-1-5-21-35069531-792658110-389769500-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6548ED39-4FC4-41B5-8C1F-9AFEFC08B0B9} -> (1394 Net Adapter) -> {E16DC8BD-1783-46C1-82CD-5E8D38F34090} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {E7A3B223-166A-448D-8ECE-9070A6E92FE3} -> (Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 7/2/2007 4:10:58 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {95D88B35-A521-472B-A182-BB1A98356421}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab[Pearson Installation Assistant 2] -> {C946EF6D-296D-4907-A6E1-ED0E8E5AF024}[HKEY_LOCAL_MACHINE] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab[LycosMail Upload Control] -> {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> {E6D23284-0E9B-417D-A782-03E4487FC947}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/MathPlayer.cab[Pearson MathXL Player] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 7:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 620 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 20247 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.02.000 | Size = 12888 bytes | Modified Date = 10/14/2004 5:33:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1168120413\EE\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1168120413\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1168120413\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avginet.exe -> C:\Program Files\Grisoft\AVG Free\avginet.exe [C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgamsvr.exe -> C:\Program Files\Grisoft\AVG Free\avgamsvr.exe [C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/26/2007 8:05:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgcc.exe -> C:\Program Files\Grisoft\AVG Free\avgcc.exe [C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG Free\avgemc.exe -> C:\Program Files\Grisoft\AVG Free\avgemc.exe [C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 6:24:37 PM | Attr = HS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.2.0.175 | Size = 23237416 bytes | Modified Date = 7/2/2007 4:10:58 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat -> C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat [C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)] -> [Ver = | Size = 17945597 bytes | Modified Date = 11/28/2005 5:18:19 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 6:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 6:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] !KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 2/20/2008 9:33:59 PM | Attr = ] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 12/21/2007 2:48:58 AM | Attr = RH ] AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 12254415 bytes | Modified Date = 2/21/2008 6:00:03 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063440384 bytes | Modified Date = 2/21/2008 12:31:19 PM | Attr = HS] STSCFG.CFG -> %SystemDrive%\STSCFG.CFG -> [Ver = | Size = 2339 bytes | Modified Date = 1/8/2006 1:32:00 PM | Attr = ] TEMP -> %SystemDrive%\TEMP -> [Folder | Created Date = 1/1/2008 2:38:18 PM | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] jsrfzmze.dat -> %SystemRoot%\System32\drivers\jsrfzmze.dat -> [Ver = | Size = 19584 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] bufuzdlj.dat -> %SystemRoot%\System32\bufuzdlj.dat -> [Ver = | Size = 741632 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] certclij.dll -> %SystemRoot%\System32\certclij.dll -> [Ver = | Size = 84992 bytes | Modified Date = 12/26/2007 2:25:52 PM | Attr = ] csrlcjkd.dat -> %SystemRoot%\System32\csrlcjkd.dat -> [Ver = | Size = 120576 bytes | Modified Date = 12/25/2007 4:36:30 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\c_10001.nls -> [Ver = | Size = 162850 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\c_20000.nls -> [Ver = | Size = 180258 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\c_20290.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\c_20932.nls -> [Ver = | Size = 180770 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\c_20936.nls -> [Ver = | Size = 173602 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\c_20949.nls -> [Ver = | Size = 177698 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\c_21027.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 1/1/2008 3:31:30 PM | Attr = ] jwwgbcge.dat -> %SystemRoot%\System32\jwwgbcge.dat -> [Ver = | Size = 35072 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] libeay32.dll -> %SystemRoot%\System32\libeay32.dll -> OpenSSL [Ver = 0.9.7c | Size = 1188375 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] libssl32.dll -> %SystemRoot%\System32\libssl32.dll -> OpenSSL [Ver = 0.9.7c | Size = 246545 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll -> [Ver = | Size = 176235 bytes | Modified Date = 12/11/2006 3:12:04 PM | Attr = ] seygghnn.dat -> %SystemRoot%\System32\seygghnn.dat -> [Ver = | Size = 42240 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] svapxljp.dat -> %SystemRoot%\System32\svapxljp.dat -> [Ver = | Size = 36096 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\xjis.nls -> [Ver = | Size = 28288 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = ] Harry Potter Lumos dir -> %SystemRoot%\Harry Potter Lumos dir -> [Folder | Created Date = 2/18/2008 2:01:24 PM | Attr = ] impborl.dll -> %SystemRoot%\impborl.dll -> [Ver = | Size = 12288 bytes | Modified Date = 2/18/2008 2:01:24 PM | Attr = ] PrimoPDF -> %SystemRoot%\PrimoPDF -> [Folder | Created Date = 2/20/2008 8:01:48 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Created Date = 2/20/2008 7:51:50 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 2/20/2008 7:52:00 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29 Help -> %AppData%\Help -> [Folder | Created Date = 1/22/2008 4:54:27 PM | Attr = ] K-Meleon -> %AppData%\K-Meleon -> [Folder | Created Date = 2/20/2008 10:05:23 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Created Date = 1/29/2008 11:04:46 PM | Attr = ] My Battle for Middle-earth Files -> %AppData%\My Battle for Middle-earth Files -> [Folder | Created Date = 2/7/2008 3:50:16 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 1/22/2008 4:54:27 PM | Attr = ] Bone Cathedral.ppt -> %UserProfile%\My Documents\Bone Cathedral.ppt -> [Ver = | Size = 1147392 bytes | Modified Date = 12/6/2007 6:43:25 PM | Attr = ] CDs and DVDs -> %UserProfile%\My Documents\CDs and DVDs -> [Folder | Created Date = 1/17/2008 3:03:28 PM | Attr = ] Federal and GA Tax Returns 2007.pdf -> %UserProfile%\My Documents\Federal and GA Tax Returns 2007.pdf -> [Ver = | Size = 244224 bytes | Modified Date = 2/19/2008 10:27:31 PM | Attr = ] Federal Return Summary 2007.doc -> %UserProfile%\My Documents\Federal Return Summary 2007.doc -> [Ver = | Size = 37376 bytes | Modified Date = 2/19/2008 9:37:52 PM | Attr = ] HapnerJ Homework3.doc -> %UserProfile%\My Documents\HapnerJ Homework3.doc -> [Ver = | Size = 25600 bytes | Modified Date = 2/17/2008 10:36:50 PM | Attr = ] HapnerPPT -> %UserProfile%\My Documents\HapnerPPT -> [Folder | Created Date = 12/20/2007 12:38:34 PM | Attr = ] IN State Tax Return 2007.pdf -> %UserProfile%\My Documents\IN State Tax Return 2007.pdf -> [Ver = | Size = 177313 bytes | Modified Date = 2/19/2008 10:25:04 PM | Attr = ] Indiana State Tax Confirmation Page 2007.doc -> %UserProfile%\My Documents\Indiana State Tax Confirmation Page 2007.doc -> [Ver = | Size = 39936 bytes | Modified Date = 2/19/2008 10:24:02 PM | Attr = ] Joshua's Christmas List '07.doc -> %UserProfile%\My Documents\Joshua's Christmas List '07.doc -> [Ver = | Size = 25600 bytes | Modified Date = 12/19/2007 12:56:55 PM | Attr = ] MelanieJoyHospitalVisit.wmv -> %UserProfile%\My Documents\MelanieJoyHospitalVisit.wmv -> [Ver = | Size = 96600101 bytes | Modified Date = 11/8/2007 10:13:06 AM | Attr = ] The Battle for Middle-earth (tm).lnk -> %AllUsersProfile%\Desktop\The Battle for Middle-earth (tm).lnk -> [Ver = | Size = 1896 bytes | Modified Date = 2/7/2008 3:45:24 PM | Attr = ] Countdown to Wahsega To-Do List.xls -> %UserProfile%\Desktop\Countdown to Wahsega To-Do List.xls -> [Ver = | Size = 16384 bytes | Modified Date = 2/21/2008 1:53:53 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1739 bytes | Modified Date = 2/20/2008 9:25:42 PM | Attr = ] Notepad (2).lnk -> %UserProfile%\Desktop\Notepad (2).lnk -> [Ver = | Size = 1524 bytes | Modified Date = 1/19/2008 11:51:22 AM | Attr = ] Paint.lnk -> %UserProfile%\Desktop\Paint.lnk -> [Ver = | Size = 1520 bytes | Modified Date = 12/19/2007 1:17:13 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/21/2008 1:21:38 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480944 bytes | Modified Date = 2/21/2008 1:14:02 PM | Attr = ] EasyInfo -> %CommonProgramFiles%\EasyInfo -> [Folder | Created Date = 2/17/2008 1:42:43 PM | Attr = ] [Files/Folders - Modified Within 90 days] !KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 2/20/2008 9:33:59 PM | Attr = ] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2/21/2008 1:21:07 PM | Attr = RH ] AVG7QT.DAT -> %SystemDrive%\AVG7QT.DAT -> [Ver = | Size = 12254415 bytes | Modified Date = 2/21/2008 6:00:03 AM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2/20/2008 8:22:11 PM | Attr = HS] Drivers -> %SystemDrive%\Drivers -> [Folder | Modified Date = 1/1/2008 1:56:03 PM | Attr = ] Games -> %SystemDrive%\Games -> [Folder | Modified Date = 2/10/2008 10:16:36 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063440384 bytes | Modified Date = 2/21/2008 12:31:19 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/20/2008 9:25:42 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/20/2008 8:50:08 PM | Attr = HS] TEMP -> %SystemDrive%\TEMP -> [Folder | Modified Date = 1/1/2008 2:38:18 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/21/2008 12:33:49 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 2:51:04 AM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 12/21/2007 2:51:03 AM | Attr = ] jsrfzmze.dat -> %SystemRoot%\System32\drivers\jsrfzmze.dat -> [Ver = | Size = 19584 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] bufuzdlj.dat -> %SystemRoot%\System32\bufuzdlj.dat -> [Ver = | Size = 741632 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/19/2008 5:42:04 PM | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> certclij.dll -> %SystemRoot%\System32\certclij.dll -> [Ver = | Size = 84992 bytes | Modified Date = 12/26/2007 2:25:52 PM | Attr = ] csrlcjkd.dat -> %SystemRoot%\System32\csrlcjkd.dat -> [Ver = | Size = 120576 bytes | Modified Date = 12/25/2007 4:36:30 PM | Attr = ] d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat -> [Ver = | Size = 552 bytes | Modified Date = 1/1/2008 3:31:30 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/14/2008 2:32:02 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/20/2008 8:54:32 PM | Attr = ] jwwgbcge.dat -> %SystemRoot%\System32\jwwgbcge.dat -> [Ver = | Size = 35072 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] libeay32.dll -> %SystemRoot%\System32\libeay32.dll -> OpenSSL [Ver = 0.9.7c | Size = 1188375 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] libssl32.dll -> %SystemRoot%\System32\libssl32.dll -> OpenSSL [Ver = 0.9.7c | Size = 246545 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 12/8/2007 11:20:37 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/20/2008 8:50:08 PM | Attr = ] seygghnn.dat -> %SystemRoot%\System32\seygghnn.dat -> [Ver = | Size = 42240 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] svapxljp.dat -> %SystemRoot%\System32\svapxljp.dat -> [Ver = | Size = 36096 bytes | Modified Date = 12/22/2007 3:54:33 PM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 49616 bytes | Modified Date = 2/21/2008 12:34:02 PM | Attr = H ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/20/2008 8:06:17 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/13/2008 12:17:17 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/21/2008 12:31:22 PM | Attr = S] CIV.INI -> %SystemRoot%\CIV.INI -> [Ver = | Size = 175 bytes | Modified Date = 1/18/2008 3:33:34 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/15/2008 12:40:19 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 12/27/2007 7:43:23 PM | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2/12/2008 2:26:33 PM | Attr = R S] Harry Potter Lumos dir -> %SystemRoot%\Harry Potter Lumos dir -> [Folder | Modified Date = 2/18/2008 2:01:25 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/22/2008 4:54:27 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2/14/2008 2:31:45 AM | Attr = ] impborl.dll -> %SystemRoot%\impborl.dll -> [Ver = | Size = 12288 bytes | Modified Date = 2/18/2008 2:01:24 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/14/2008 2:31:58 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/14/2008 2:32:03 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/20/2008 8:01:57 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2/21/2008 12:35:21 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2/21/2008 12:04:42 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/21/2008 1:22:06 PM | Attr = ] PrimoPDF -> %SystemRoot%\PrimoPDF -> [Folder | Modified Date = 2/20/2008 8:01:48 PM | Attr = ] primopdf.ini -> %SystemRoot%\primopdf.ini -> [Ver = | Size = 310 bytes | Modified Date = 2/20/2008 8:01:51 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/12/2008 7:56:01 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/12/2008 7:56:01 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/21/2008 12:33:55 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2/8/2008 12:13:41 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/20/2008 9:02:49 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/27/2008 11:18:44 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/21/2008 12:34:03 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 1/1/2008 2:41:38 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/20/2008 8:01:57 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/21/2008 12:31:30 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2/21/2008 12:34:41 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2/21/2008 12:34:41 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11074 bytes | Modified Date = 1/15/2007 3:04:12 PM | Attr = ] mspi11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\PI\mspi11.dat -> [Ver = | Size = 4 bytes | Modified Date = 11/23/2007 1:51:35 PM | Attr = ] mspod11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\POD\mspod11.dat -> [Ver = | Size = 4 bytes | Modified Date = 11/23/2007 1:51:35 PM | Attr = ] GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat -> [Ver = | Size = 101321 bytes | Modified Date = 2/20/2005 7:20:04 PM | Attr = ] AutoRun.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\AutoRun.exe -> Electronic Arts Inc. [Ver = 1.3.0.342 | Size = 684032 bytes | Modified Date = 11/14/2004 8:53:50 PM | Attr = ] GLF1EB.EXE -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\GLF1EB.EXE -> [Ver = | Size = 295520 bytes | Modified Date = 1/6/2007 12:26:26 PM | Attr = ] GLF8.EXE -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\GLF8.EXE -> [Ver = | Size = 297568 bytes | Modified Date = 1/6/2007 12:24:52 PM | Attr = ] GLF9.EXE -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\GLF9.EXE -> [Ver = | Size = 292984 bytes | Modified Date = 1/6/2007 12:25:34 PM | Attr = ] TFUD.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\TFUD.exe -> PC Tools [Ver = 3.7.12.20 | Size = 165184 bytes | Modified Date = 12/20/2007 11:24:34 AM | Attr = ] 184 C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp -> NOT_GoogleUpdater.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\NOT_GoogleUpdater.exe -> Google [Ver = 2.0.755.22488.beta | Size = 123640 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] NOT_GoogleUpdaterAdminPrefs.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\NOT_GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.0.755.22488.beta | Size = 182520 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] NOT_GoogleUpdaterInstallMgr.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\NOT_GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.0.755.22488.beta | Size = 581880 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] NOT_GoogleUpdaterRestartManager.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\NOT_GoogleUpdaterRestartManager.exe -> Google [Ver = 2.0.755.22488.beta | Size = 123640 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] NOT_GoogleUpdaterSetup.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\NOT_GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.0.755.22488.beta | Size = 123128 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] RipIt4Me.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\Temporary Directory 1 for RipIt4Me.zip\RipIt4Me.exe -> [Ver = 1, 6, 4, 0 | Size = 552960 bytes | Modified Date = 1/9/2007 10:30:46 PM | Attr = ] @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for RipIt4Me.zip\RipIt4Me.exe:Zone.Identifier RipIt4Me.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\Temporary Directory 1 for RipIt4MeDVDs.zip\RipIt4Me.exe -> [Ver = 1, 6, 3, 0 | Size = 487424 bytes | Modified Date = 12/10/2006 4:44:56 PM | Attr = ] StartupCPL.exe -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\Temporary Directory 1 for StartupCPL[1].zip\StartupCPL.exe -> [Ver = | Size = 72722 bytes | Modified Date = 1/3/2003 7:33:04 PM | Attr = ] AutoRunGUI.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\AutoRunGUI.dll -> Electronic Arts Inc. [Ver = 1.03.00.00 | Size = 929792 bytes | Modified Date = 11/14/2004 6:08:55 PM | Attr = ] uninst.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\uninst.dll -> [Ver = | Size = 114688 bytes | Modified Date = 10/8/2004 1:06:04 AM | Attr = ] 184 C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp -> ci.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\ci.dll -> Google [Ver = 2.0.755.22488.beta | Size = 824320 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] cires_en.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\cires_en.dll -> [Ver = | Size = 123392 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] npCIDetect9.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\gis76b98\2.0.755.22488\npCIDetect9.dll -> Google [Ver = 2.0.755.22488.beta | Size = 82944 bytes | Modified Date = 2/1/2007 3:55:11 PM | Attr = ] dbmslpcn.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\SqlSetup\Temp\dbmslpcn.dll -> Microsoft Corporation [Ver = 2000.080.2039.00 | Size = 20480 bytes | Modified Date = 5/4/2005 12:02:26 AM | Attr = ] dbnetlib.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\SqlSetup\Temp\dbnetlib.dll -> Microsoft Corporation [Ver = 2000.085.1117 built by: (_sqlbld) | Size = 106496 bytes | Modified Date = 4/28/2004 10:00:32 AM | Attr = ] odbcbcp.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\SqlSetup\Temp\odbcbcp.dll -> Microsoft Corporation [Ver = 2000.085.1117.00 built by: (_sqlbld) | Size = 24576 bytes | Modified Date = 4/28/2004 10:01:18 AM | Attr = ] sqlsrv32.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\SqlSetup\Temp\sqlsrv32.dll -> Microsoft Corporation [Ver = 2000.085.1117.00 built by: (_sqlbld) | Size = 421888 bytes | Modified Date = 4/28/2004 10:00:32 AM | Attr = ] SQLUNIRL.dll -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\SqlSetup\Temp\SQLUNIRL.dll -> Microsoft Corporation [Ver = 2000.080.2039.00 | Size = 192512 bytes | Modified Date = 5/4/2005 12:02:22 AM | Attr = ] _vdmstmsnd_.dat -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\_vdmstmsnd_.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/21/2007 2:48:35 AM | Attr = ] 184 C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp -> jwyjbktg.ini -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\jwyjbktg.ini -> [Ver = | Size = 4 bytes | Modified Date = 12/26/2007 2:25:22 PM | Attr = ] 184 C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Temp\*.tmp -> advpack.dll -> C:\WINDOWS\Temp\~dxmcab~\advpack.dll -> Microsoft Corporation [Ver = 4.71.1015.0 | Size = 74960 bytes | Modified Date = 8/19/2007 4:37:03 PM | Attr = ] cabinet.dll -> C:\WINDOWS\Temp\~dxmcab~\cabinet.dll -> Microsoft Corporation [Ver = 1.00.601.4 | Size = 67072 bytes | Modified Date = 8/19/2007 4:37:03 PM | Attr = ] cfgmgr32.dll -> C:\WINDOWS\Temp\~dxmcab~\cfgmgr32.dll -> [Ver = | Size = 23552 bytes | Modified Date = 8/19/2007 4:37:03 PM | Attr = ] setupapi.dll -> C:\WINDOWS\Temp\~dxmcab~\setupapi.dll -> Microsoft Corporation [Ver = 4.00 | Size = 327072 bytes | Modified Date = 8/19/2007 4:37:03 PM | Attr = ] Perflib_Perfdata_4f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/4/2008 4:58:38 PM | Attr = ] Perflib_Perfdata_520.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_520.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/17/2008 12:20:12 PM | Attr = ] Perflib_Perfdata_6f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/21/2008 12:33:49 PM | Attr = ] Perflib_Perfdata_a0c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a0c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/20/2008 9:07:59 PM | Attr = ] Perflib_Perfdata_b3c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b3c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/20/2008 11:58:45 PM | Attr = ] 27 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = ] jwyjbktg.ini -> C:\WINDOWS\Temp\jwyjbktg.ini -> [Ver = | Size = 4 bytes | Modified Date = 2/20/2008 8:27:18 PM | Attr = ] 27 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4Z2R07C7\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8BCRU9YF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AN6NQTSF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CPSFGTQF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/6/2007 5:17:01 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 2/20/2008 9:02:43 PM | Attr = ] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 2/21/2008 6:00:01 AM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 12/15/2007 6:56:19 PM | Attr = ] PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Modified Date = 2/20/2008 7:51:50 PM | Attr = ] QuickTime -> %AllUsersProfile%\Application Data\QuickTime -> [Folder | Modified Date = 2/12/2008 7:56:08 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2/20/2008 8:54:28 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29 Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 12/8/2007 12:28:46 AM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 1/22/2008 4:54:27 PM | Attr = ] K-Meleon -> %AppData%\K-Meleon -> [Folder | Modified Date = 2/20/2008 10:05:23 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 2/5/2008 10:54:57 PM | Attr = ] My Battle for Middle-earth Files -> %AppData%\My Battle for Middle-earth Files -> [Folder | Modified Date = 2/17/2008 1:55:13 PM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 2/20/2008 10:13:22 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 2/20/2008 1:28:01 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 29696 bytes | Modified Date = 2/3/2008 12:42:56 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 1/22/2008 4:54:27 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4813888 bytes | Modified Date = 2/7/2008 11:47:19 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2/17/2008 11:23:42 PM | Attr = ] Bone Cathedral.ppt -> %UserProfile%\My Documents\Bone Cathedral.ppt -> [Ver = | Size = 1147392 bytes | Modified Date = 12/6/2007 6:43:25 PM | Attr = ] CDs and DVDs -> %UserProfile%\My Documents\CDs and DVDs -> [Folder | Modified Date = 1/17/2008 3:03:53 PM | Attr = ] Federal and GA Tax Returns 2007.pdf -> %UserProfile%\My Documents\Federal and GA Tax Returns 2007.pdf -> [Ver = | Size = 244224 bytes | Modified Date = 2/19/2008 10:27:31 PM | Attr = ] Federal Return Summary 2007.doc -> %UserProfile%\My Documents\Federal Return Summary 2007.doc -> [Ver = | Size = 37376 bytes | Modified Date = 2/19/2008 9:37:52 PM | Attr = ] Grad School Info -> %UserProfile%\My Documents\Grad School Info -> [Folder | Modified Date = 2/20/2008 8:03:51 PM | Attr = ] HapnerJ Homework3.doc -> %UserProfile%\My Documents\HapnerJ Homework3.doc -> [Ver = | Size = 25600 bytes | Modified Date = 2/17/2008 10:36:50 PM | Attr = ] HapnerPPT -> %UserProfile%\My Documents\HapnerPPT -> [Folder | Modified Date = 12/20/2007 1:16:07 PM | Attr = ] IN State Tax Return 2007.pdf -> %UserProfile%\My Documents\IN State Tax Return 2007.pdf -> [Ver = | Size = 177313 bytes | Modified Date = 2/19/2008 10:25:04 PM | Attr = ] Indiana State Tax Confirmation Page 2007.doc -> %UserProfile%\My Documents\Indiana State Tax Confirmation Page 2007.doc -> [Ver = | Size = 39936 bytes | Modified Date = 2/19/2008 10:24:02 PM | Attr = ] Job Search -> %UserProfile%\My Documents\Job Search -> [Folder | Modified Date = 2/8/2008 1:00:07 PM | Attr = ] Joshua's Christmas List '07.doc -> %UserProfile%\My Documents\Joshua's Christmas List '07.doc -> [Ver = | Size = 25600 bytes | Modified Date = 12/19/2007 12:56:55 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 12/19/2007 12:13:23 AM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/9/2008 1:47:09 AM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 1/17/2008 3:12:53 PM | Attr = R ] Runescape Files -> %UserProfile%\My Documents\Runescape Files -> [Folder | Modified Date = 2/15/2008 5:22:12 PM | Attr = ] Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk -> [Ver = | Size = 2257 bytes | Modified Date = 2/20/2008 10:03:34 PM | Attr = ] The Battle for Middle-earth (tm).lnk -> %AllUsersProfile%\Desktop\The Battle for Middle-earth (tm).lnk -> [Ver = | Size = 1896 bytes | Modified Date = 2/7/2008 3:45:24 PM | Attr = ] Barrows Item List.xls -> %UserProfile%\Desktop\Barrows Item List.xls -> [Ver = | Size = 32256 bytes | Modified Date = 2/15/2008 2:03:28 PM | Attr = ] Countdown to Wahsega To-Do List.xls -> %UserProfile%\Desktop\Countdown to Wahsega To-Do List.xls -> [Ver = | Size = 16384 bytes | Modified Date = 2/21/2008 1:53:53 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1739 bytes | Modified Date = 2/20/2008 9:25:42 PM | Attr = ] KBD Guide.doc -> %UserProfile%\Desktop\KBD Guide.doc -> [Ver = | Size = 43520 bytes | Modified Date = 12/24/2007 12:17:21 AM | Attr = ] Microsoft Office Excel 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Excel 2003.lnk -> [Ver = | Size = 2495 bytes | Modified Date = 2/17/2008 10:55:15 PM | Attr = ] Microsoft Office Word 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 2/20/2008 10:06:32 PM | Attr = ] Notepad (2).lnk -> %UserProfile%\Desktop\Notepad (2).lnk -> [Ver = | Size = 1524 bytes | Modified Date = 1/19/2008 11:51:22 AM | Attr = ] Paint.lnk -> %UserProfile%\Desktop\Paint.lnk -> [Ver = | Size = 1520 bytes | Modified Date = 12/19/2007 1:17:13 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/21/2008 1:21:38 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480944 bytes | Modified Date = 2/21/2008 1:14:02 PM | Attr = ] EasyInfo -> %CommonProgramFiles%\EasyInfo -> [Folder | Modified Date = 2/17/2008 1:42:43 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = RH ] Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 1/6/2007 4:30:35 PM | Attr = ] Intel -> C:\Documents and Settings\Administrator\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 1/6/2007 4:53:10 PM | Attr = S] SampleView -> C:\Documents and Settings\Administrator\Application Data\SampleView -> [Folder | Modified Date = 1/6/2007 4:55:35 PM | Attr = ] You've Got Pictures Screensaver -> C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver -> [Folder | Modified Date = 1/6/2007 4:54:25 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 2/20/2008 7:52:00 PM | Attr = H ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 1/6/2007 4:51:08 PM | Attr = ] AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 2/20/2008 9:02:43 PM | Attr = ] avg7 -> C:\Documents and Settings\All Users\Application Data\avg7 -> [Folder | Modified Date = 2/21/2008 6:00:01 AM | Attr = ] CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [Folder | Modified Date = 1/20/2007 1:12:58 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 1/6/2007 4:23:04 PM | Attr = ] Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater -> [Folder | Modified Date = 12/15/2007 6:56:19 PM | Attr = ] Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 1/6/2007 4:05:01 PM | Attr = ] Intel -> C:\Documents and Settings\All Users\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:03:57 PM | Attr = ] McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee -> [Folder | Modified Date = 1/6/2007 3:46:03 PM | Attr = ] McAfee.com -> C:\Documents and Settings\All Users\Application Data\McAfee.com -> [Folder | Modified Date = 1/6/2007 3:50:26 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 1/15/2007 3:06:33 PM | Attr = S] Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [Folder | Modified Date = 1/6/2007 3:43:14 PM | Attr = ] PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools -> [Folder | Modified Date = 2/20/2008 7:51:50 PM | Attr = ] Prism Deploy -> C:\Documents and Settings\All Users\Application Data\Prism Deploy -> [Folder | Modified Date = 1/6/2007 4:30:37 PM | Attr = ] Pure Networks -> C:\Documents and Settings\All Users\Application Data\Pure Networks -> [Folder | Modified Date = 1/6/2007 4:53:53 PM | Attr = ] QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [Folder | Modified Date = 2/12/2008 7:56:08 PM | Attr = ] Skype -> C:\Documents and Settings\All Users\Application Data\Skype -> [Folder | Modified Date = 7/11/2007 5:08:00 PM | Attr = ] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 2/20/2008 8:54:28 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:1CA73D29 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 3/13/2007 2:17:32 AM | Attr = ] WildTangent -> C:\Documents and Settings\All Users\Application Data\WildTangent -> [Folder | Modified Date = 1/6/2007 4:51:08 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 3/3/2007 7:30:12 PM | Attr = ] C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = RH ] Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 1/6/2007 4:30:35 PM | Attr = ] Intel -> C:\Documents and Settings\Default User\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 1/6/2007 4:53:10 PM | Attr = S] SampleView -> C:\Documents and Settings\Default User\Application Data\SampleView -> [Folder | Modified Date = 1/6/2007 4:55:35 PM | Attr = ] You've Got Pictures Screensaver -> C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver -> [Folder | Modified Date = 1/6/2007 4:54:25 PM | Attr = ] C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] AVG7 -> C:\Documents and Settings\LocalService\Application Data\AVG7 -> [Folder | Modified Date = 1/6/2007 4:05:05 PM | Attr = ] Intel -> C:\Documents and Settings\LocalService\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 1/6/2007 5:01:09 PM | Attr = S] C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 1/6/2007 4:30:38 PM | Attr = S] C:\Documents and Settings\Owner\Application Data\ -> C:\Documents and Settings\Owner\Application Data -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] Intel -> C:\Documents and Settings\Owner\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\ -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data -> [Folder | Modified Date = 2/20/2008 10:05:23 PM | Attr = RH ] Adobe -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Adobe -> [Folder | Modified Date = 12/8/2007 12:28:46 AM | Attr = ] AdobeUM -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\AdobeUM -> [Folder | Modified Date = 1/18/2007 11:21:49 AM | Attr = ] AVG7 -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\AVG7 -> [Folder | Modified Date = 1/6/2007 4:06:12 PM | Attr = ] CyberLink -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\CyberLink -> [Folder | Modified Date = 1/20/2007 3:03:39 PM | Attr = ] DeepBurner -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\DeepBurner -> [Folder | Modified Date = 1/20/2007 6:03:10 PM | Attr = ] Google -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Google -> [Folder | Modified Date = 1/6/2007 4:46:09 PM | Attr = ] Help -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Help -> [Folder | Modified Date = 1/22/2008 4:54:27 PM | Attr = ] Identities -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Identities -> [Folder | Modified Date = 1/6/2007 4:30:35 PM | Attr = ] Intel -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Intel -> [Folder | Modified Date = 1/6/2007 5:04:14 PM | Attr = ] K-Meleon -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\K-Meleon -> [Folder | Modified Date = 2/20/2008 10:05:23 PM | Attr = ] Macromedia -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Macromedia -> [Folder | Modified Date = 5/3/2007 8:52:26 PM | Attr = ] Microsoft -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Microsoft -> [Folder | Modified Date = 3/10/2007 2:57:48 PM | Attr = S] Move Networks -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Move Networks -> [Folder | Modified Date = 2/5/2008 10:54:57 PM | Attr = ] My Battle for Middle-earth Files -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\My Battle for Middle-earth Files -> [Folder | Modified Date = 2/17/2008 1:55:13 PM | Attr = ] RipIt4Me -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\RipIt4Me -> [Folder | Modified Date = 1/20/2007 1:58:19 PM | Attr = ] SampleView -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\SampleView -> [Folder | Modified Date = 1/6/2007 4:55:35 PM | Attr = ] Skype -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Skype -> [Folder | Modified Date = 2/20/2008 10:13:22 PM | Attr = ] Sun -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Sun -> [Folder | Modified Date = 1/6/2007 6:56:48 PM | Attr = ] Viewpoint -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Viewpoint -> [Folder | Modified Date = 3/13/2007 2:17:33 AM | Attr = ] You've Got Pictures Screensaver -> C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\You've Got Pictures Screensaver -> [Folder | Modified Date = 1/6/2007 4:54:25 PM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 1/27/2008 11:18:44 AM | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/10/2004 2:00:00 PM | Attr = RH ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/21/2008 12:31:30 PM | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 106 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Application Data\Microsoft\eHome\mcl_images\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Allen County Career Center.url:favicon 1406 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Animated Knots by Grog.url:favicon 1150 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Association of Zoos and Aquariums Jobs.url:favicon 3262 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\City of Fort Wayne - Jobs with the City.url:favicon 3262 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Cool Critter Pics.url:favicon 1078 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Cool Works Jobs.url:favicon 318 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Ohio State Parks Jobs.url:favicon 318 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Orion Jobs.url:favicon 350 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Rune Tips.url:favicon 2274 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Tennessee Department of Personnel.url:favicon 9062 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\The Nature Conservancy Careers.url:favicon 1406 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\USF Jobs.url:favicon 3638 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Facebook.url:favicon 1150 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Florida State Jobs.url:favicon 10990 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Favorites\Lycos Mail.url:favicon 4710 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Local Settings\Application Data\Microsoft\ehome\Video.db:encryptable 0 bytes C:\Documents and Settings\Owner.Joshua_Hapner\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Start Menu\Games\Colonization.pif:SummaryInformation 88 bytes C:\Documents and Settings\Owner.Joshua_Hapner\Start Menu\Games\Colonization.pif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes scan completed successfully hidden files: 51 < End of report >